2015-02-04 16:06:30

by Andries E. Brouwer

Subject: Re: [PATCH] partitions: Avoid recursion in extended partition scanning

On Wed, Feb 04, 2015 at 06:24:36PM +0400, Alexandr Kotov wrote:
> If an extended partition record points to itself there will be recursion in
> partition scanning until we reach the partition limit of 255 per disk.
> There is no big deal to have so many partitions, but when udev takes place
> in handling these things it may run out of memory, especially on systems
> with 1G and lower RAM on board. So you could neither boot with such a disk
> inside nor erase it.
> I reported such an error for Arch Linux some time ago
> https://bugs.archlinux.org/task/36532
> At the link above there are steps to reproduce the bug.
>
> Signed-off-by: Alexandr Kotov <[email protected]>
> ---
> block/partitions/msdos.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/block/partitions/msdos.c b/block/partitions/msdos.c
> index 93e7c1b..3f03768 100644
> --- a/block/partitions/msdos.c
> +++ b/block/partitions/msdos.c
> @@ -196,7 +196,8 @@ static void parse_extended(struct parsed_partitions
> *state,
> */
> p -= 4;
> for (i = 0; i < 4; i++, p++)
> - if (nr_sects(p) && is_extended_partition(p))
> + if (nr_sects(p) && is_extended_partition(p)
> + && start_sect(p) != 0)
> break;
> if (i == 4)
> goto done; /* nothing left to do */
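
Review bot: the added `start_sect(p) != 0` condition in the link-entry loop only rejects an extended entry whose start is zero, so a link with a nonzero start that leads back to a record already parsed still passes and the scan can revisit it. A check against records already seen, or a bound on the number of iterations, would cover those cases as well. As a style point, kernel code usually keeps the `&&` at the end of the preceding line, and a one-line comment saying why a zero start is skipped would help the next reader.
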
> --
> 2.1.0

Yes, one might do that.

This cannot be very urgent since this code is twenty years old.
This patch does not necessarily help, since there are more ways
recursion might happen. Perhaps it would be better to settle
this potential problem completely.

For example, ignore partitions that are known already (in the
"process data partitions" part), and let the loop terminate
via the loopct test that is already there.

Andries
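
The loop case discussed in this thread, as an added example (not code from the patch or from the kernel): a user-space walk over a constructed in-memory disk that remembers which EBR sectors it has already parsed and caps the chain length. It goes beyond the zero-start case to a link with a nonzero start that points back at its own record; `walk_ebr`, `demo_chain`, `MAX_EBR` and the 8-sector layout are assumptions made for the illustration.

```c
#include <stdint.h>
#define SECT    512
#define MAX_EBR 16	/* constructed cap on chain length */

static uint32_t le32(const uint8_t *p)
{
	return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Count data partitions in an EBR chain; -1 if a link revisits an EBR. */
static int walk_ebr(const uint8_t *disk, uint32_t nsect, uint32_t ext_start)
{
	uint32_t seen[MAX_EBR], cur = ext_start;
	int nseen = 0, found = 0;
	while (cur < nsect && disk[cur * SECT + 510] == 0x55 &&
	       disk[cur * SECT + 511] == 0xaa) {
		const uint8_t *e = disk + cur * SECT + 446, *link = 0;
		for (int i = 0; i < nseen; i++)
			if (seen[i] == cur)
				return -1;	/* EBR already parsed: loop */
		if (nseen == MAX_EBR)
			return -1;		/* chain longer than the cap */
		seen[nseen++] = cur;
		for (int i = 0; i < 4; i++, e += 16) {
			if (!le32(e + 12))
				continue;	/* empty slot */
			if (e[4] != 0x05 && e[4] != 0x0f && e[4] != 0x85)
				found++;	/* data partition */
			else if (!link)
				link = e;	/* first extended (link) entry */
		}
		if (!link)
			break;
		cur = ext_start + le32(link + 8);  /* relative to ext_start */
	}
	return found;
}

/* Constructed 8-sector disk: EBR at 1 links to EBR at 3; link2 < 0 = no link. */
int demo_chain(int link2)
{
	static uint8_t d[8 * SECT];
	uint8_t *a = d + 1 * SECT + 446, *b = d + 3 * SECT + 446;
	a[4] = 0x83; a[8] = 1; a[12] = 1;	/* data partition */
	a[20] = 0x05; a[24] = 2; a[28] = 1;	/* link: ext_start + 2 = sector 3 */
	b[4] = 0x83; b[8] = 1; b[12] = 1;
	b[20] = 0x05; b[24] = (uint8_t)link2; b[28] = link2 >= 0;
	a[64] = b[64] = 0x55; a[65] = b[65] = 0xaa;	/* bytes 510, 511 */
	return walk_ebr(d, 8, 1);
}
```

`demo_chain(2)` is the case a zero-start test alone does not see: the second record's link has a nonzero start, yet `ext_start + 2` is the sector that record lives in.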